“How Attackers Break Programs, and How to Write Programs More Securely,”
M. Bishop,
SANS 2002, Baltimore, MD (May 2002).
My setuid programming tutorial. I used to give it occasionally at NS and
SANS (from where this version came). This is the tutorial book that was
handed out at the 2002 SANS. I haven’t given it since.

Papers and Technical Reports

“Robust Programming by Example,”
M. Bishop and C. Elliott,
Proceedings of the Seventh World Conference on Information Security Education
pp. 23–30 (June 2011).
This is a published version of “Robust Programming,” below.

“Applying Formal Methods Informally,”
M. Bishop, B. Hay, and K. Nance,
Proceedings of the 44th Hawaii International Conference on System Sciences
pp. 1–8 (Jan. 2011).
This is a published version of “Adapting Formal Methods for Informal Use,”
above.

As soon as we started programming, we found to our surprise that it
wasn’t as easy to get programs right as we had thought. Debugging had to
be discovered. I can remember the exact instant when I realized that a
large part of my life from then on was going to be spent in finding
mistakes in my own programs.
— Maurice Wilkes, designer of EDSAC, on programming, 1949